1、准备-docker+k8s+kubesphere准
角色 | IP地址 | 主机名 | docker版本 | 硬件 | 操作系统 |
---|---|---|---|---|---|
主 | 192.168.5.151 | node151 | docker18.09.9 | 6核10G | CentOS7.8 |
节点 | 192.168.5.152 | node152 | docker18.09.9 | 6核10G | CentOS7.8 |
节点 | 192.168.5.153 | node153 | docker18.09.9 | 6核10G | CentOS7.8 |
cat >> /etc/hosts <<EOF
192.168.5.151 node151
192.168.5.152 node152
192.168.5.153 node153
EOF
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum -y update
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
关闭防火墙
systemctl stop firewalld.service && systemctl disable firewalld.service
systemctl stop firewalld && systemctl disable firewalld
#临时修改
setenforce 0
#永久修改,重启服务器后生效
sed -i '7s/enforcing/disabled/' /etc/selinux/config
修改/etc/fstab文件,注释掉 SWAP 的自动挂载,使用free -m确认 swap 已经关闭
//手动关闭swap
swapoff -a
-----------------------------------------------------
#手动修改
vim /etc/fstab
-----------------------------------------------------
/dev/mapper/centos-root / xfs defaults 0 0
UUID=8bb18265-c2f5-46da-875e-0410ac4d3aeb /boot xfs defaults 0 0
#/dev/mapper/centos-swap swap 把这一行注释掉
#查看swap是否关闭
free -m
-----------------------------------------------------
total used free shared buff/cache available
Mem: 1994 682 612 9 699 1086
Swap: 0 0 0
#安装chrony
yum -y install chrony
-----------------------------------------------------
#修改同步服务器地址为阿里云
sed -i.bak '3,6d' /etc/chrony.conf && sed -i '3cserver ntp1.aliyun.com iburst' /etc/chrony.conf
-----------------------------------------------------
#启动chronyd及加入开机自启
systemctl start chronyd && systemctl enable chronyd
-----------------------------------------------------
#查看同步结果
chronyc sources
-----------------------------------------------------
[root@node151 ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^~ 139.199.214.202 2 6 77 34 -13ms[ -73ms] +/- 68ms
^* tick.ntp.infomaniak.ch 1 6 35 26 -24ms[ -84ms] +/- 126ms
^? electrode.felixc.at 0 8 0 - +0ns[ +0ns] +/- 0ns
^? a.chl.la 2 6 37 94 +153ms[ -19.6s] +/- 134ms
#向文件中写入以下内容
cat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
#检查
cat /etc/sysctl.d/k8s.conf
#执行以下命令生效
modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf
脚本创建了的/etc/sysconfig/modules/ipvs.modules文件,保证在节点重启后能自动加载所需模块。使用lsmod | grep -e ip_vs -e nf_conntrack_ipv4命令查看是否已经正确加载所需的内核模块
//向文件中写入以下内容
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
//修改权限以及查看是否已经正确加载所需的内核模块
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
结果如下:
[root@node151 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh 12688 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 0
ip_vs 145497 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack_ipv4 15053 2
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4
nf_conntrack 139264 7 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
安装ipset和ipvsadm(便于查看 ipvs 的代理规则)
yum -y install ipset ipvsadm
node151、node152、node153
1、执行
ssh-keygen -t rsa 一路回车
2、在node151上执行
cd /root/.ssh
cp id_rsa.pub authorized_keys
vim authorized_keys
4、将node152、node153下/root/.ssh/id_rsa.pub的公钥内容复制在node151的authorized_keys里,保存退出
5、复制
scp authorized_keys node152:$PWD
scp authorized_keys node153:$PWD
免密测试
ssh node152
退出
exit